
Commit b39bd6d

committed
Merge branch 'dev' of github.com:Azure/azure-powershell into roleassignmentmerge
Conflicts: src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs src/ResourceManager/Resources/Commands.Resources/Models.Authorization/FilterRoleAssignmentsOptions.cs src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
2 parents c4e0d6a + 6c61e03 commit b39bd6d


5 files changed

+36
-69
lines changed


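--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
@@ -160,25 +160,25 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
 }
 
 result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
-.RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));
+.RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
 
 // Filter out by scope
 if (!string.IsNullOrEmpty(options.Scope))
 {
-result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.InvariantCultureIgnoreCase));
+result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.InvariantCultureIgnoreCase));
 }
 }
 else if (!string.IsNullOrEmpty(options.Scope))
 {
 // Filter by scope and above directly
 parameters.AtScope = true;
 result.AddRange(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, parameters)
-.RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));
+.RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
 }
 else
 {
 result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
-.RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));
+.RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
 }
 
 if (!string.IsNullOrEmpty(options.RoleDefinition))
@@ -204,7 +204,10 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
 /// <returns>The deleted role assignments</returns>
 public PSRoleAssignment RemoveRoleAssignment(FilterRoleAssignmentsOptions options)
 {
-PSRoleAssignment roleAssignment = FilterRoleAssignments(options, currentSubscription: string.Empty).FirstOrDefault();
+// Match role assignments at exact scope. At most 1 roleAssignment should match the criteria
+PSRoleAssignment roleAssignment = FilterRoleAssignments(options, currentSubscription: string.Empty)
+.Where(ra => ra.Scope == options.Scope.TrimEnd('/'))
+.FirstOrDefault();
 
 if (roleAssignment != null)
 {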
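Review bot: The exact-scope match added in `RemoveRoleAssignment` compares with `==`, which is ordinal and case-sensitive, while the scope filter in `FilterRoleAssignments` above uses `StringComparison.InvariantCultureIgnoreCase`, and only `options.Scope` has its trailing slash trimmed. A scope that differs only in casing, or a trailing `/` on `ra.Scope`, would then match nothing, so the removal would miss an assignment that the filter did return. I would compare both sides the same way, `.Where(ra => string.Equals(ra.Scope.TrimEnd('/'), options.Scope.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))`, and, since the comment says at most one assignment should match, end with `.SingleOrDefault()` so that a second match fails loudly instead of an arbitrary assignment being deleted. The method body continues past the end of the hunk, so what happens when `roleAssignment` is null is not visible here.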

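--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
@@ -44,7 +44,7 @@ public static PSRoleDefinition ToPSRoleDefinition(this RoleDefinition role)
 return roleDefinition;
 }
 
-public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient)
+public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient, bool excludeAssignmentsForDeletedPrincipals = true)
 {
 PSRoleDefinition roleDefinition = policyClient.GetRoleDefinition(role.Properties.RoleDefinitionId);
 PSADObject adObject = activeDirectoryClient.GetADObject(new ADObjectFilterOptions { Id = role.Properties.PrincipalId.ToString() }) ?? new PSADObject() { Id = role.Properties.PrincipalId };
@@ -92,7 +92,7 @@ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, Auth
 ObjectId = adObject.Id
 };
 }
-else
+else if (!excludeAssignmentsForDeletedPrincipals)
 {
 return new PSRoleAssignment()
 {
@@ -105,6 +105,8 @@ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, Auth
 ObjectId = adObject.Id
 };
 }
+
+return null;
 }
 
 public static PSRoleAssignment ToPSRoleAssignment(this ClassicAdministrator classicAdministrator, string currentSubscriptionId)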
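Review bot: `excludeAssignmentsForDeletedPrincipals` defaults to `true` on `ToPSRoleAssignment`, so any caller not updated in this commit now gets `null` back for a principal that reaches the final `else` branch, where it used to get an object. The `FilterRoleAssignmentsOptions` property of the same name defaults to `false`, so the two defaults disagree. Making the drop opt-in, `bool excludeAssignmentsForDeletedPrincipals = false`, keeps existing callers unchanged. The method also has no doc comment saying it can return `null`; a `/// <returns>` line stating "null when the principal is not resolved and excludeAssignmentsForDeletedPrincipals is true" would make the contract explicit. The condition that selects the final branch lies between the hunks, so whether it is reached only for deleted principals or for any failed directory lookup cannot be confirmed from here.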

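--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/FilterRoleAssignmentsOptions.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/FilterRoleAssignmentsOptions.cs
@@ -57,5 +57,7 @@ public string Scope
 public bool ExpandPrincipalGroups { get; set; }
 
 public bool IncludeClassicAdministrators { get; set; }
+
+public bool ExcludeAssignmentsForDeletedPrincipals { get; set; }
 }
 }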

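--- a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
@@ -264,10 +264,11 @@ protected override void ProcessRecord()
 Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString()
 },
 ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent,
-IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent
+IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent,
+ExcludeAssignmentsForDeletedPrincipals = true
 };
 
-WriteObject(PoliciesClient.FilterRoleAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString()), true);
+WriteObject(PoliciesClient.FilterRoleAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString()), enumerateCollection: true);
 }
 }
 }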
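Review bot: `ExcludeAssignmentsForDeletedPrincipals = true` is hard-coded in `ProcessRecord`, so the Get cmdlet never lists a role assignment whose principal was not resolved, and there is no parameter to ask for them. Those assignments still exist, and in this same commit the Remove cmdlet passes `false` so that it can act on them; an access review based on this cmdlet's output would not see entries that can only be cleaned up if someone knows they are there. I would drive the option from a switch parameter, the way `IncludeClassicAdministrators.IsPresent` is used on the line above, and state the default in that parameter's help text. `ProcessRecord` starts before the hunk.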

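--- a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
@@ -30,108 +30,70 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
 {
 [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
 HelpMessage = "The user or group object id")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
-HelpMessage = "The user or group object id.")]
 [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
 HelpMessage = "The user or group object id.")]
 [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
 HelpMessage = "The user or group object id.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ObjectId,
-HelpMessage = "The user or group object id.")]
 [ValidateNotNullOrEmpty]
 [Alias("Id", "PrincipalId")]
 public Guid ObjectId { get; set; }
 
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-HelpMessage = "The user or group email address.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
-HelpMessage = "The user or group email address.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
-HelpMessage = "The user or group email address.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
+[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
 HelpMessage = "The user or group email address.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Mail,
+[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
 HelpMessage = "The user or group email address.")]
 [ValidateNotNullOrEmpty]
 public string Mail { get; set; }
 
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-HelpMessage = "The user UPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
-HelpMessage = "The user UPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
-HelpMessage = "The user UPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
+[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
 HelpMessage = "The user UPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.UPN,
+[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
 HelpMessage = "The user UPN.")]
 [ValidateNotNullOrEmpty]
 [Alias("UPN")]
 public string UserPrincipalName { get; set; }
 
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-HelpMessage = "The app SPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
-HelpMessage = "The app SPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
-HelpMessage = "The app SPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
+[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
 HelpMessage = "The app SPN.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.SPN,
+[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
 HelpMessage = "The app SPN.")]
 [ValidateNotNullOrEmpty]
 [Alias("SPN")]
 public string ServicePrincipalName { get; set; }
 
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-HelpMessage = "Resource group to assign the role to.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
-HelpMessage = "Resource group to assign the role to.")]
 [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
 HelpMessage = "Resource group to assign the role to.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
-HelpMessage = "Resource group to assign the role to.")]
 [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
 HelpMessage = "Resource group to assign the role to.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
-HelpMessage = "Resource group to assign the role to.")]
 [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
 HelpMessage = "Resource group to assign the role to.")]
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
-HelpMessage = "Resource group to assign the role to.")]
 [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
 HelpMessage = "Resource group to assign the role to.")]
 [ValidateNotNullOrEmpty]
 public string ResourceGroupName { get; set; }
 
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Resource,
-HelpMessage = "Resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
 HelpMessage = "Resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
 HelpMessage = "Resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
 HelpMessage = "Resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
 HelpMessage = "Resource to assign the role to.")]
 [ValidateNotNullOrEmpty]
 public string ResourceName { get; set; }
 
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Resource,
-HelpMessage = "Type of the resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
 HelpMessage = "Type of the resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
 HelpMessage = "Type of the resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
 HelpMessage = "Type of the resource to assign the role to.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
 HelpMessage = "Type of the resource to assign the role to.")]
 [ValidateNotNullOrEmpty]
 public string ResourceType { get; set; }
 
-[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Resource,
-HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
 [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
 HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
 [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
@@ -143,10 +105,8 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
 [ValidateNotNullOrEmpty]
 public string ParentResource { get; set; }
 
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/<id>\" or the part after that. If it's latter, the current subscription id will be used.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Scope,
-HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/<id>\" or the part after that. If it's latter, the current subscription id will be used.")]
+[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
+HelpMessage = "Role to assign the principals with.")]
 [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
 HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/<id>\" or the part after that. If it's latter, the current subscription id will be used.")]
 [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
@@ -158,9 +118,7 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
 [ValidateNotNullOrEmpty]
 public string Scope { get; set; }
 
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-HelpMessage = "Role to assign the principals with.")]
-[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "Role to assign the principals with.")]
+[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "Role the principal is assigned to.")]
 [ValidateNotNullOrEmpty]
 public string RoleDefinitionName { get; set; }
 
@@ -191,7 +149,8 @@ protected override void ProcessRecord()
 ResourceName = ResourceName,
 ResourceType = ResourceType,
 Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString()
-}
+},
+ExcludeAssignmentsForDeletedPrincipals = false
 };
 
 ConfirmAction(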
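Review bot: The attribute added at new lines 108–109 sits on the `Scope` property but carries `HelpMessage = "Role to assign the principals with."`, the text that belonged to `RoleDefinitionName`; it looks like a leftover from resolving the merge conflict. It also makes `Scope` optional in `ParameterSet.Empty`, and the code that consumes `Scope` is outside these hunks, so which scope a removal targets when it is omitted cannot be seen here and should be stated in the help text. I would give this attribute the same Scope help text as the `ScopeWithObjectId` attribute directly below it, reworded for removal rather than assignment. Separately, `ResourceName` and `ResourceType` become `Mandatory = false` in the `ResourceWith*` sets, which, as far as these hunks show, leaves `ResourceWithObjectId` with the same mandatory parameters as `Empty`; it is worth checking that PowerShell can still resolve the parameter set for a call that passes only the principal and the role.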
